CentOS7相比CentOS6的防火墙改变特别大,所以记录下
1. 修改sshd端口并只允许密钥登录
编辑/etc/ssh/sshd_config
# Listen on a non-default port. The firewalld ssh service definition must open
# the same port number.
# NOTE(review): with SELinux enforcing, sshd may be refused this port until it is
# labelled ssh_port_t (semanage port -a -t ssh_port_t -p tcp 20755) - confirm on
# the target host.
Port 20755
# Refuse direct root logins over SSH.
PermitRootLogin no
# Allow public-key authentication.
PubkeyAuthentication yes
# Refuse accounts that have an empty password.
PermitEmptyPasswords no
# Turn off password authentication.
# NOTE(review): ChallengeResponseAuthentication is not set in this snippet;
# confirm it is "no", otherwise PAM keyboard-interactive may still accept passwords.
PasswordAuthentication no
# The GSSAPI lines below are commented out, so they are not set by this file.
#GSSAPIAuthentication yes
#GSSAPICleanupCredentials no
# Do not resolve the client's address through DNS.
UseDNS no
2. 修改防火墙开放端口
# Work on a copy of the packaged ssh service definition under /etc/firewalld,
# leaving the file shipped in /usr/lib/firewalld untouched.
cp /usr/lib/firewalld/services/ssh.xml /etc/firewalld/services/ssh.xml
# Edit the copy so that its <port> element names the new sshd port.
vim /etc/firewalld/services/ssh.xml
<port protocol="tcp" port="20755"/>
vim /etc/firewalld/zones/public.xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Public zone: dhcpv6-client is allowed from any source; ssh is allowed only through the rich rule below. -->
<zone>
<short>Public</short>
<description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
<service name="dhcpv6-client"/>
<!-- Rich rule: accept the ssh service only from IPv4 sources in 172.16.60.0/24. The zone has no plain ssh service entry, so this file grants ssh to no other source address. -->
<rule family="ipv4">
<source address="172.16.60.0/24"/>
<service name="ssh"/>
<accept/>
</rule>
</zone>
3. 创建普通用户并切换到该用户, 配置公钥
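# Create the unprivileged login account and switch to it.
useradd hzkeung
su - hzkeung
# .ssh is a directory, so it needs the owner execute bit: mode 700, not 600.
# With 600 the owner cannot open files inside it, so authorized_keys would be
# unreadable and key-based login would not work.
mkdir .ssh
chmod 700 .ssh
vi .ssh/authorized_keys # paste the public key of the key pair
# Restrict the key file to its owner (read/write only).
chmod 600 .ssh/authorized_keys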
4.切换到root, 并重新加载配置文件
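# Check sshd_config for errors first and restart sshd only if it parses, so a
# typo does not leave the host without an SSH daemon.
sshd -t && systemctl restart sshd.service
# Apply the edited firewalld service and zone files.
firewall-cmd --reload
# Keep the current root session open until a new key-based login on port 20755
# from 172.16.60.0/24 has been confirmed to work.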